hellorust in SGX using Gramine

# hellorust in SGX using Gramine Links: [[-Lexe/Lexe]], [[Rust]], [[SGX]], [[Gramine]] ### Prerequisites - [[Gramine on Azure Ubuntu 20.04]] - [[Rust]] - Authenticated [[Git]] ## Steps ```bash # Grab the lexe-deploy repo git clone [email protected]:MaxFangX/lexe-deploy.git cd hellorust # Compile and run the program with SGX, without debug (prod) make clean make SGX=1 gramine-sgx hellorust # Compile and run the program without SGX, with debug (dev) make clean make DEBUG=1 gramine-direct hellorust ``` ## Dynamic linking error (solved) ~~Following the steps above produces the following error:~~ ```bash $ gramine-sgx hellorustsgx Parsing TOML manifest file, this may take some time... hellorustsgx: error while loading shared libraries: libgcc_s.so.1: cannot open shared object file: No such file or directory ``` ### Solution: `$ARCH_LIBDIR` and `/usr/$ARCH_LIBDIR` needed to be included in `sgx.trusted_files`, `LD_LIBRARY_PATH`, and `fs.mounts` ARCH_LIBDIR is set in the [[Makefile]] as ```Makefile ARCH_LIBDIR ?= /lib/$(shell $(CC) -dumpmachine) ``` and is used throughout `hellorust.manifest.template`. Read through these two files for details. ### ~~Approaches:~~ There are several approaches: 1) Statically-link the Rust binary 2) Add the missing object file to `$LD_LIBRARY_PATH` 3) Attempt to install libc via [[Ubuntu]]'s `apt` ### Approach 1: Compile the binary with [[musl]] Main idea: Statically-link the [[Rust]] binary by compiling it with [[musl]] #### Add the [[musl]] toolchain to rustup ```bash rustup target add x86_64-unknown-linux-musl ``` See also: [[musl#musl distributions available as rustup targets]] ### Compile the binary with musl ```bash cargo build --release --target=x86_64-unknown-linux-musl # Then redo all the following steps ``` More info: - (Rust forum thread) [Compile on ubuntu and run on RHEL?](https://users.rust-lang.org/t/compile-on-ubuntu-and-run-on-rhel/11727) - (Stack Overflow): [How to generate statically linked executables?](https://stackoverflow.com/a/31778003) - "Rust statically links everything but glibc (and libgcc, iirc) by default." **Failure:** Same error ### Approach 2: Add the `libgcc_s.so` to `$LD_LIBRARY_PATH` (Stack Overflow answer) [Linux error while loading shared libraries: cannot open shared object file: No such file or directory](https://stackoverflow.com/a/21173918) The location of the missing file `libgcc_s.so`: ```bash sudo find / -name libgcc_s.so > /usr/lib/gcc/x86_64-linux-gnu/9/libgcc_s.so ``` Replace `/lib` in `hellorustsgx.manifest.template` with: `/lib:/usr/lib/gcc/x86_64-linux-gnu/9` ### Approach 3: Install libgcc via package manager More info: - (Github issue): [Rustup should warn if libgcc is not installed on Alpine](https://github.com/rust-lang/rustup/issues/2213#issuecomment-578684336)